https://community.cisco.com/t5/network-access-control/multiple-aaa-server-hosts-for-vpn-authentication/m-p/698920#M422671 <HTML><HEAD></HEAD><BODY><P>If you configured the authentication server using a DNS name then this problem will occur .Configure the authentication server using an IP Address instead of the DNS name as a workaround.</P></BODY></HTML> Wed, 18 Oct 2006 23:37:34 GMT amritpatek 2006-10-18T23:37:34Z https://community.cisco.com/t5/network-access-control/multiple-aaa-server-hosts-for-vpn-authentication/m-p/698919#M422668 <P>ASA5510 - 7.2(1)</P><P></P><P>Using the following config, I am attempting to have multiple radius servers configured for backup vpn authentication in case primary fails. This appears to work ok. But once the primary server is back up, at what point will the asa begin to use it again. The output of "show aaa-server host 172.25.4.20" says </P><P>Server status: FAILED, Server disabled at 08:04:25. </P><P></P><P>How do you reenable it?</P><P></P><P>aaa-server adauth protocol radius</P><P>aaa-server adauth host 172.25.4.20</P><P> key ***</P><P> authentication-port 1812</P><P> accounting-port 1813</P><P>aaa-server adauth host 172.25.4.40</P><P> key ***</P><P> authentication-port 1812</P><P> accounting-port 1813</P><P></P><P>tunnel-group group general-attributes</P><P> address-pool pool</P><P> authentication-server-group adauth</P><P> default-group-policy policy</P><P></P> Sun, 10 Mar 2019 21:47:35 GMT https://community.cisco.com/t5/network-access-control/multiple-aaa-server-hosts-for-vpn-authentication/m-p/698919#M422668 t-heeter 2019-03-10T21:47:35Z https://community.cisco.com/t5/network-access-control/multiple-aaa-server-hosts-for-vpn-authentication/m-p/698920#M422671 <HTML><HEAD></HEAD><BODY><P>If you configured the authentication server using a DNS name then this problem will occur .Configure the authentication server using an IP Address instead of the DNS name as a workaround.</P></BODY></HTML> Wed, 18 Oct 2006 23:37:34 GMT https://community.cisco.com/t5/network-access-control/multiple-aaa-server-hosts-for-vpn-authentication/m-p/698920#M422671 amritpatek 2006-10-18T23:37:34Z https://community.cisco.com/t5/network-access-control/multiple-aaa-server-hosts-for-vpn-authentication/m-p/698921#M422673 <HTML><HEAD></HEAD><BODY><P>You can add the option in the aaa-server group:</P><P>"reactivation-mode timed"</P><P></P><P>This causes a dead server to be re-added to the pool after 30 seconds. </P><P></P><P>The following link has some good info on the available options. I suggest searching the doc for "reactivation". </P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_7_2/cmd_ref/crt_711.pdf" target="_blank">http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_7_2/cmd_ref/crt_711.pdf</A></P><P></P><P></P><P>-Eric</P><P></P><P>Please remember to rate all helpful posts.</P><P></P><P></P></BODY></HTML> Thu, 19 Oct 2006 00:16:46 GMT https://community.cisco.com/t5/network-access-control/multiple-aaa-server-hosts-for-vpn-authentication/m-p/698921#M422673 ethiel 2006-10-19T00:16:46Z https://community.cisco.com/t5/network-access-control/multiple-aaa-server-hosts-for-vpn-authentication/m-p/698922#M422674 <HTML><HEAD></HEAD><BODY><P>I did use IP address. See config above.</P></BODY></HTML> Thu, 19 Oct 2006 12:00:09 GMT https://community.cisco.com/t5/network-access-control/multiple-aaa-server-hosts-for-vpn-authentication/m-p/698922#M422674 t-heeter 2006-10-19T12:00:09Z https://community.cisco.com/t5/network-access-control/multiple-aaa-server-hosts-for-vpn-authentication/m-p/698923#M422675 <HTML><HEAD></HEAD><BODY><P>I had add the option in the aaa-server group:</P><P>"reactivation-mode timed"</P><P></P><P>but it does not work!</P><P></P><P>When I restart one of the ACS server,my ASA5520 told me this information:</P><P></P><P>Server Address: 10.1.100.35</P><P>Server port: 1645(authentication), 1646(accounting)</P><P>Server status: FAILED, Server disabled at 09:53:57 BJ Tue Dec 19 2006</P><P></P><P>And the server never active again!</P><P></P><P>Can you help me,thanks.</P></BODY></HTML> Tue, 19 Dec 2006 06:06:16 GMT https://community.cisco.com/t5/network-access-control/multiple-aaa-server-hosts-for-vpn-authentication/m-p/698923#M422675 i00116715 2006-12-19T06:06:16Z